Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Learn More

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

FF60 is disallowing google, bing and other well-trusted sites. As a work-around our system administrators are having users uninstall ff60 and install ff52.

  • 18 risposte
  • 2 hanno questo problema
  • 922 visualizzazioni
  • Ultima risposta di jpramac2

more options

FireFox (on macOs) is not allowing browsing to Google and Bing and other trusted sites. Currently our enterprise solution is to uninstall Firefox 60 and install Firefox 52, disconnect from the network and choose "Never update Firefox" in the Firefox configuration. This seems to be a poor solution. Are you planning to fix this issue??

Soluzione scelta

So, I exported my enterprise certificate from my mac keychain and imported it into Firefox (60) and now Google and the other trusted sites are working great. THANK YOU!!

Leggere questa risposta nel contesto 👍 0

Tutte le risposte (18)

more options

Firefox doesn't block access to Google or Bing, so something else is causing issues. Firefox 52 is also not supported, or safe to use.

Can you please give the exact error message that shows when you go to Google or Bing?

more options

Please see the screenshot for what I am seeing in Firefox 60

www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

more options

https://www.google.com/search?q=google%2F&ie=utf-8&oe=utf-8&client=firefox-b-1-ab

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true HTTP Public Key Pinning: true

Certificate chain:


BEGIN CERTIFICATE-----

MIIEnDCCAoSgAw {removed text..} iGH0P4=


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIHljCCBX6gAwIBAgIJANTMjRbVASgjMA {removed text} de4U/d/Do72Nihs59wI=


END CERTIFICATE-----
more options

It sounds like your employer is injecting something into the certificates. Can you inspect the certificate and view the issuer?

more options

Tyler Downer said

It sounds like your employer is injecting something into the certificates. Can you inspect the certificate and view the issuer?
more options

Unfortunately, when I try to inspect the cert, there is no information about the cert. However, I agree that your suggestion about the injection is probably accurate. If that is the case, can you suggest a workaround in Firefox?

more options

How do I send a screenshot?

more options

You are wrong. I have screenshot of Google.com being blocked by Firefox. Tell me how to attach screenshot and you will see.

more options

You are wrong. I have screenshot of Google.com being blocked by Firefox. Tell me how to attach screenshot and you will see.

more options

Says "Connection is untrusted"

more options

Hi jpramac2, earlier you posted:

-----BEGIN CERTIFICATE-----
MIIEnDCCAoSgAw
{removed text..}
iGH0P4=

END CERTIFICATE-----

If you take that certificate gibberish and pop it into a decoder such as the following, it should display out the Issuer information. This could indicate security software or a proxy server.

https://certlogik.com/decoder/

If you like, you can paste it here for consideration.

Also, for an enterprise environment that uses a proxy, you could consider this setting, which will cause Firefox to trust the authority certificates your admins add to the Mac keychain or Windows certificate store:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste enterp and pause while the list is filtered

(3) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

more options

JimStinson said

How do I send a screenshot?

JimStinson said

You are wrong. I have screenshot of Google.com being blocked by Firefox. Tell me how to attach screenshot and you will see.

JimStinson said

Says "Connection is untrusted"

Hi JimStinson, please start your own question reduce confusion, you are not helping the original poster with your replies:

https://support.mozilla.org/questions/new/desktop/fix-problems

Scroll down on that page to continue with the form.

more options

I made "security.enterprise_roots.enabled = true" and that did not fix the problem.

BTW... thank you for helping me with this issue, I really like Firefox and don't want to use Safari or Chrome...

more options

Hi jpramac2, that is a very weird issuer. I wonder if the administrator is supposed to edit those settings.

If you use another browser and check the certificate information there (for example, in Chrome, I think you can find it in the dev tools under Security, try pressing F12 to open those), does it show that same issuer?

more options

I should say that I edited the issuer name from the original to 'my domain.com'

Please see attached Chrome certificate

more options

Aha. Do you think it's a company proxy? If the "enterprise roots" shortcut doesn't work, you can import the proxy's signing certificate. This is an old thread with the general approach, but I haven't check the specific settings details recently: https://support.mozilla.org/questions/1206606#answer-1081584

more options

yes, that makes sense! I'll try that... thank you

more options

Soluzione scelta

So, I exported my enterprise certificate from my mac keychain and imported it into Firefox (60) and now Google and the other trusted sites are working great. THANK YOU!!